Why Pwn2Own doesn't target Linux
The annual Pwn2Own hacking challenge kicks off today, pitting security researchers against web browsers and mobile platforms. The HP TippingPoint sponsored event grows every year to include more platforms, though Linux isn't among them.
Pwn2Own will target IE, Firefox, Safari and Chrome all running on Windows 7. Windows XP isn't on the target list and neither is Linux, for different reasons.
I spoke with Aaron Portnoy, Manager of the Security Research Team at HP TippingPoint the other day and asked him why Linux wasn't being included. Apparently the question is among the most common questions he is ever asked about Pwn2Own.
"Linux is not an operating system that has widespread use with any one particular distribution, flavor or configuration," Portnoy said. "In general Linux is still a server-based operating system, people do use it on the desktop, but you can't go to BestBuy and buy Linux with a specific distro on it that everyone uses that has widespread market share. If we were to include Linux, we'd have even more controversy and we just don't want to deal it."
I would love to see, Mark Shuttleworth put up $10,000 (or more) for an Ubuntu challenge on Pwn2Own, as that's likely the only way (in the short term) that Linux on the desktop will get the intense security scrutiny that Pwn2Own provides.
Oh and were you wondering why Windows XP isn't included this year? That's an easy one.
Since Windows 7 is now available, Portnoy and the contest organizers figure that's the most secure version of Windows and quite simply, Windows XP just doesn't measure up.